Week 12

Just a few days prior to its monthly patch release, Microsoft released an emergency patch for a critical vulnerability in the Windows Host Compute Service Shim (hcsshim) library that could allow remote attackers to run malicious code on Windows computers.

Windows Host Compute Service Shim (hcsshim) is an open source library that helps “Docker for Windows” execute Windows Server containers using a low-level container management API in Hyper-V.

Discovered by Swiss developer and security researcher Michael Hanselmann, the critical vulnerability (tracked as CVE-2018-8115) is the result of the failure of the hcsshim library to properly validate input when importing a Docker container image

Cybercriminals have obtained more than five million credit & debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor. The data was stolen using software that was implanted into the cash register systems at the stores. The investigation continues, but its e-commerce platform appears to not have been affected by the breach. However, the company has not stated how may customer accounts or stores were affected by the attack. This theft is one of the largest known breaches of a retailer and demonstrates how hard it is to secure credit-card transaction systems.

It was found that a group of Russian-speaking hackers known as Fin7 or JokerStash posted online that it had obtained a cache of five million stolen card numbers. Fin7 did not state where the numbers had been obtained. It is unclear how the malware was installed in the stores checkout systems, but it was stated that it was most likely from phishing emails.

United States has recently seen cyber-attacks on 7 natural gas pipeline operators. The attackers targeted 3rd party communications system Latitude Technologies. The result was that several services broke down. It’s still unclear whether any customer data was stolen in these attacks. Additionally, 4 pipeline providers namely Oneok, Boardwalk Pipeline Partners, Energy Transfer Partners and Eastern Shore Natural Gas confirmed that even they were attacked. This is a double-edged sword because energy industry continues to grow and increasingly become more and more dependent on automation and internet. The industry is particularly vulnerable to these attacks because of the invaluable amounts of customer information, profiles of customers, energy strategies, and business data.

Cybersecurity experts say that these hackers could potentially cause spills, fires, and service disruptions all from the comfort of their own home.

One of the reports published by FireEye says that many Indian companies are subjected to cyber-attacks and are quite repetitive. Out of all the industries, Education and Telecommunication industries have been the most common targets. Seems like over 49% of the customers in India and the APAC region have been victims of cyber-attacks in a year. Tim Wellsmore, director for threat intelligence-APAC at FireEye briefs that India is in a difficult position. Organisations are increasingly being re-targeted and there is a certain lack of skill shortage making governments and organisations ill-equipped to handle sophisticated attacks.